Privacy Policy

This is the privacy notice of Gemette Oy that is in accordance with the Personal Data Act (10 and 24§) and the General Data Protection Regulation (GDPR) of the European Union.

Register controller

Gemette Oy Pirkkakatu 8 A 8 96200 Rovaniemi Tel. +358 44 206 1303

Contact person: Mikko Kosonen, mikko.kosonen (at) novaskyland.com

Name of the register

Customer register of Gemette Oy

Legal basis and purpose of handling customer information

Legal basis according to the GDPR for handling customer information is Person’s consent (documented, voluntary, personalized, conscious and unequivocal) or agreement in which the registered is as a party.

Information stored:

name

address and email

phone number

Purpose of handling: Contacts that come through the website of Gemette Oy (Moomin Snowcastle). Maintenance of customer relationships and allowance of the contacts required by the customer service.

Data content of the register

Customer information required contacts and customer relationship will be stored.

Regular source of information

Information that is stored are acquired from the customer for example by messages that are sent in www-forms, e-mail, phone, services of social media, contracts, customer meetings and other situations where the customer gives their information.

Regular allowance of information and transfer outside the EU or ETA

Information will regularly not be given to other parties.

Principles of protecting the register

Handling of the register will be followed with caution and information handled with information systems will be protected appropriately. When register information is stored on internet-servers, the physical and digital information security of their equipment is taken care of appropriately. Stored information and server acces are only by the employees who are responsible for that.

Right to audit and the right to demand information correction

Every person that is in the register has the right to check their information that is stored in the register and request correction if false or insufficient information is found.

According to the General Data Protection Regulation (GDPR), data subjects have the right:

to obtain information on the processing of their personal data

of access to their data

to rectification of their data

to the erasure of their data and to be forgotten

to restrict the processing of their data

to data portability

to object to the processing of their data

not to be subject to a decision based solely on automated processing.

If the person wants to check their information or request for correction, written request to the register controller has to be sent. If needed, the register controller can ask the requester to prove their identity. Register controller answers to the customer in time that is in accordance with the GDPR (regularly in a month).